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COMPUTERISED DEV,CE FOR ACCREDITING DATA APPLICATION TO A 

SOFTWARE OR A SERVICE 

controlled by credentials specific to a user P ° 9ram ' S 

aPP^^ ^T" ~ - 

banking, etc, requires authentication of m e LT 1 aTr*' h ° me 
concerned. When a user start. = „ vis-a-vus the program 

terminal such asT„» , Pr ° 9ram reqUiri " 9 authentication on a 

credentials are specific to the u«?pr anH #k« 

entets them via the Keyboard of the ,erl a , "'^ °°™* n- ^ "» ^ 

users ^ rt ^ W ' " ° rder '° be eas '"y remembered by 

hack! " S 9eneral,y Sh ° rt ° ffer ° n,y " mited -^noe * 
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communication network such as the Internet ThT °°™**to« v,a a 

P— * applica , ion programs £ £££ = ~- « 

P-.ousr, referred to (electronic mail, home banki^ZoZerce etc,^ 
some cases the application programs enable executTon of r , 
= and „ is plainly essentia, to keep the ~ZZl££Z 
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process vfsTr^Tr^ ' 0 ^'"^ ^"'^ 01 the authentication 
Z£Z T ap P" catl0ns « Known in the ad. Users wishing to access an 
application from a terminal must inn n „ ... «. access an 
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requesting access and starting the application. With this solution the 
credentials can remain unknown to the user, except for those enabling the 
user to authenticate themselves vis-a-vis the password server. However, this 
solution implies the existence of a dedicated server and requires a real time 
connection to the server when the user wishes to access an application. 

Also, apart from questions related to access to programs as such, 
access to many services, for example for carrying out financial transactions or 
purchasing products via the Internet, requires the entry of data, secret or 
otherwise, such as a credit card number and expiry date, bank account 
number, etc. Entry of such data by a user via the keyboard or like device of a 
data processing system is a source of errors and complication and is 
prejudicial to security if the data is secret. 

The invention aims to provide a data processing system significantly 
improving the ergonomics and the security of the process of applying 
credentials to a program or a service executed or to be executed by said 
system. 

The invention also aims to provide a data processing system 
facilitating the process of authenticating a user vis-a-vis one or more programs 
or services to which access is controlled by credentials specific to the user 
and to the program or service concerned, avoiding the user having to 
remember the credentials associated with the program(s) or service(s) or to 

use a password server. 

It further aims to provide a data processing system facilitating the 
application of payment data during telepurchasing operations by avoiding the 
user having to remember the number and expiry date of their payment card or 
the number of their bank account, for example. 

Another object of the invention is to provide a data processing system 
which significantly improves the security of a process of the above kind of 
applying credentials to a program or a service. 

To this end. the invention provides a data processing system 

including: 

- data processing means for implementing at least one of the following 
functions: access to a program, execution of a program and access to a 
service, 

- first means for storing data and programs. 

- user interface means including at least one display screen and 
graphical interface means, and 
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- at least one pointing device for controlling the movement of a cursor 
over said screen, 

- in which system implementing said function requires the application 
of credentials in response to the display of a request on said screen 
5 characterized in that it further includes a personal security device including 
supply means for delivering said credentials and means for controlling access 
to said program and including: 

-display means for simultaneously displaying on said screen said 
request and at least one sign representing the personal security device, 
10 - acquisition means for commanding the acquisition of said credentials 

in sa,d supply means by positioning said cursor on said sign by means of said 
pointing device, and 

-application means for commanding said application of said 
credentials to said function in a required position of said cursor, by means of 
1 5 said pointing device. 

The data processing system according to the invention does not 
require manual entry by the user of their credentials, which are automatically 
transferred by means of the pointing device of the personal safety device to 
the software to which the user requires access. Because the user's personal 
20 secunty device, whether of the hardware type (smart card, token) or the 
software type, can store strong (long and complex) passwords the data 
processing system according to the invention significantly improves security 
for access to one or more programs. 

The growth of applications and services accessible via the Internet 
has indirectly created a proliferation of viruses, one objective of which is to 
read passwords or credit card numbers stored by users on their personal 
computer (PC) to avoid having to enter them each time they are used The 
system according to the invention therefore improves security in that said 
credentials are protected by the user's personal security device and 
30 consequently are not stored in clear on the PC. 

No real time connection to a password server containing the 
credentials of a set of users is necessary because the credentials specific to 
each user are stored in their personal security device, which is associated with 
the terminal from which the user requests access to an application. However 
if a password server of the above kind exists, the data processing system 
according to the invention can be used to improve the security of the process 
of authentication vis-a-vis that server: the credentials controlling access to the 
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server are then managed in the manner described above. 

The credentials referred to can be static passwords or dynamic 
passwords. In the case of static credentials, the means supplying said 
credentials are in fact memory means. In the case of dynamic credentials, the 
means supplying the credentials are computation means for executing an 
algorithm. The dynamic credentials are computed with the aid of time 
variables of the "event counter" type, a key, which itself is static or dynamic, 
and an algorithm executed in the smart card or the hardware or software 
token. 

According to one feature of the invention, when said program is of the 
windows type and includes a destination window for said application of said 
credentials, said access control means further include: 

- first means for identifying characteristic data of the window under 
said cursor while it is moving on said screen, 

- first comparator means for comparing the characteristic data of said 
window under the cursor with characteristic data of said destination window 
stored in said supply means related to said credentials, and 

-means for authorizing said application of said credentials in 
response to a match between said identified characteristic data and said 
characteristic data stored in said supply means. 

In one embodiment of the invention, if the system includes a plurality 
of programs and a plurality of separate credentials controlling access to 
respective programs, each of the credentials is associated in said supply 
means with data identifying the conesponding program, said display means 
are adapted to display on said screen a plurality of signs respectively 
representing said credentials, and said access control means further 
include second means for identifying a program whose destination window is 
displayed on said screen, and second comparator means for comparing the 
identity of said identified program with identification data associated with 
credentials selected by means of said pointing device, said comparator means 
authorizing application of the selected credentials to said identified program 
only if said identified program and said identification data are identical. 

In a variant of the invention, if the system includes a plurality of 
programs and a plurality of separate credentials controlling access to 
respective programs, each of the credentials is associated in said supply 
means with data identifying the corresponding program, and said access 
control means further include second means for identifying a program whose 
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dest lnation window js d|sp|ayed on said ^ ^ 

means for companng the identity of said program detected with said 

*:z c :t data sto r in said supp,y means - said jzjz 

adapted to command application in sard destination window of credentials 

cZ T SUPP,y meanS Wh ° Se aSSOC,a,ed identification data 

co r esponds to the identity of said detected program. In this embodiment the 
authent.cat.on process is automated in the sense that the user does not have 
to choose the credentials assigned to the program to which access is required 
provded that the credentials are available in the persona, security device 

cr.H /I*, SyStGm Pref6rab,y inc,udes mea ™ for authorizing entry of 
crede t, als f or sa ,d detected program by said user via said interface means 
and stormg of said credentials entered with identification data of said detected 
program ,n said supply means if there is no match between said identification 
data and said detected program. 

fnrth Th ?, d8ta Pr ° CeSSlng System accord i"9 to the invention preferably 

iz::r s one or more ° f the f ° ,,owina features — * - » 

device is" In^ ' ^ " «** Sald P ~ -«* 

- said program is an application program divided between the personal 
computer and a server and said system includes means for connecting said 
personal computer to said server; 

- said personal security device is a smart card; 

- said personal security device includes means for comparing a stored 
secret code with a secret code entered by the user via said interface means 
and said access control means are rendered operational in response to a 
match between said secret codes; and 

- said access control means include means for preventing display of 
sa.d credentials on said display screen in response to their application to said 
program. 

Thanks to this last feature in particular, the authentication process can • 
be -mplemented without the user knowing their credentials, which significantly 

crdencials SeCUrity **" inadvertent, y divu,ae the 

If the credentials are static, the means supplying the credentials are 
memory means. If the credentials are dynamic, the means supplying the 
credent.als include means for executing an algorithm for computing said 
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credentials. 

Other features and advantages of the invention will emerge from the 
following description, which is given with reference to the accompanying 

drawings, in which: 

Figure 1 is a diagrammatic view of the hardware and software 
elements of a data processing system according to the invention; 

Figure 2A shows a display screen illustrating the process of 
authentication vis-a-vis a program by means of the system according to the 
invention; 

Figure 2B is a view to a larger scale of an icon displayed on the 

screen shown in Figure 2A; 

Figure 3 is a flowchart showing the basic functions implemented by a 
"Drag-and-Drop" application used in the system according to the invention; 

Figure 4 is a more detailed flowchart showing a first subroutine of the 
software whose flowchart is shown in Figure 3; 

Figure 5 is a more detailed flowchart showing a second subroutine of 
the software whose flowchart is shown in Figure 3; 

Figure 6 is a diagrammatic representation of a home page of an 
application program displayed to a user so that they can enter their password. 

Referring to Figure 1, a personal computer 1 includes a display screen 
2 and a conventional set of means 3 for processing data (microprocessor), 
storing data, input/output of data. etc. To simplify the diagram the keyboard of 
the personal computer 1 is not shown. 

The personal computer 1 is associated with a personal security device 
PSD such as a smart card 5 that can be read by a reader 4 connected to the 
personal computer 1. The reader can instead be integrated into the personal 
computer 1. 

A pointing device, such as a mouse 6 with left-hand and nght-hand 
buttons 6a, 6b, is conventionally connected to the personal computer 1 for 
moving a cursor on the screen 2. 

The personal computer 1 is adapted to execute a number of programs 
L in particular application programs illustrated in Figure 1 by a home page 
carrying the name of the application, namely Application 1, Application 2, 
Application 3 and Application 4, together with an access control program LPA 
managing access to the application programs (see below). The application 
programs (also referred to as applications hereinafter) can be executed locally 
in the personal computer 1 or executed partly in the personal computer and 
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partly ,n a server S ,o which the personal computer 1 can be connected via a 
communication network R such as the interne,, in a client-server architecture 

1 2 T/ S 3 r r ° f PerSO " al C ° mputer 1 to a "y <* applications 
1. 2, 3 and 4 ,s condifional on the entry of credentials which are assigned to 

'° aU ' h : ri2e ^ '° ^ aP " ,iCa "°" concern^ 2 

credenhals generally ,nc,ude a iogin name and a password which are spec! 
«o the apphcahon and to the user concerned. Hereinafter, to simple 

L T h ^ CredemialE C ° nSiS,in9 °' ,he pa ™ PWD vl, be 
considered. Thus passwords PWD1. PWD2, PWD3. PWD4 must be entered 
into the persona, computer 1 to access the respecnve applications 1. 2, 3 Z 

In a conventional system the user is prompted by a dialog box to enter 
he,r password a, the Keyboard and the characters typed -are shol " LTo 

15 Iduw 5 n0n " SPeC * C ,0mi <f0f eXamP ' e 35 3 SerteS °' a "> « specie 
In a system according to the invention, the various credentials and in 

:t::iz::t pwd1, pwd2 ' pwd3 ' pww ** »• ap ~* 

<o 4^ are suppHed to the personal computer 1 by the personal security device 
20 IZZZZ ^ ~' S ' SUCh - -swords^n be 

Psr, 'V* S T Se °' PreSen ' app " cati °". a Personal security device 
PSD ,s a dev,ce held exclusively by or accessible exclusively to (for example 

ulTZ M PerSOna ' iden,ifica,ion coda PIN °' otherwise, an authorized 

7 T " 9 S6CUre S ' 0ra9e ,herei " * da,a with guaranteed security 
aga,nst reading and/or writing of data by unauthorized persons. Furthermore 
a Persona, security device PSD of the above kind can include ^m^ng 
means for execut,ng one or more algorithms, in particular algorithms f* 
generating dynamic credentials. 9 r 

device ptn S ,he K° aSe iR emb0dimente deSCTi ° a * »• Personal security 
dev,ce PSD can be a smart card 5, which can be connected to the personal 
computer 1 via the reader 4 and is provided with hardware and software 
secunty means enabling storage therein of secret data (codes, messages 
keys, programs, etc). Its use is generally conditional on the provision of a 
personal identification code PIN. A smart card general* has no electrical 
power supply and its electronic circuits can be activated only by inserting i, 
into a reader which can supply it with electrical power. 

Other personal security devices which are well known in the art and 
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based on somewhat different security mechanisms do have an integral 
electrical power supply and can be used for authentication vis-a-vis a personal 
computer, a data processing system, etc. These personal security devices, 
which are generally portable, are also referred to as "tokens". 
5 The personal security device PSD can instead take the form of 

software installed on the personal computer 1 and enabling secure storage 
therein of data, which data can optionally be encrypted. 

It must be understood that the invention described in this application is 
not limited to the use of a smart card 5 as a personal security device, and that 
0 the persona, security device could equally well be a "token" able to 
communicate with the personal computer 1 via bidirectional transm.ss.on 
means a personal security device entirely in the form of software installed on 
the personal computer 1. or any other device specific to a user (access to 
which is generally controlled by a personal identification code PIN known to 
L 5 the user) for storing secret data in a secure manner and possibly for execut.ng 
computation algorithms in the case of dynamic credentials. 

The credentials, or the secret data for computing them in the case of 
dynamic passwords, are stored in segments of a memory M of the personal 
security device and their number is limited only by the memory of the device. 
20 Other limitations may relate to the capacity of the device PSD to execute 

computation algorithms. 

Hereinafter, to simplify the description, the personal security device 
considered is a smart card 5 and the passwords PWD1, PWD2, PWD3 
PWD4 supplied by it are static (stored) passwords or dynamic (computed) 
25 passwords. 

The passwords PWD1, PWD2, PWD3, PWD4 supplied by the smart 
card 5 are associated with the features of the window in which the passwords 
are entered , in this instance the class and the attributes of the window. 

The process illustrated by the dashed line arrow F in Figure 1 for 
30 entering the password supplied by the smart card 5 into the required window 
of one of the applications 1 to 4 will be explained further with reference also to 

Figures 2A and 2B. 

The process is based on the use of graphical user interface Drag- 
and-Drop" type functions. The Drag-and-Drop technique is a graphical user 
35 interface (GUI) technique for transferring data between two applications. The 
mouse of the personal computer is used to extract data from one application 
and insert it into another application. For example, it is possible to select a 
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slid ^ . , Pr ° CeSSing Pr09ram - M ° Vi " 9 the cursor ° n »° the 
selected block of text with the mouse and holding down the mouse button 

while mov, na the mouse to shtft the cursor to the required location in anotha 

applicafion inserts the text into that other application simply by releasing the 

5 mouse button. The Drag-and-Drop technique therefore presuppo es a 

TT*T* aPP ' iCa,i0n fr ° m WhlCh da ' a 18 ex,racte * an « « targe, into 
which the data is inserted. 

In the system according to the invention the source is the access 
control program LPA adapted to display at a„ times an icon 7 taking me form 
10 of epresentation of a smart card, for example as shown in Figure ,a tT 
■con 7 ,s displayed and accessible at all times on the display screen 2 for 
exampte ,n the bottom right-hand comer of the screen, because the accesl 
control program LPA is a resident application, i.e. an app.ica.ion tha, execJS 
continuously ,n the background and is started automatically each time haUte 
15 user boots up the personal computer 1. 

The target is the window 8 for inserting the password of the home 
page of the application to which access is required. Most modern application 
programs for personal computers with a windows type graphical user interface 
have a dialogue box with fields or windows enabling the user to enter their 

Z Z , T^'- SyS ' em aCC ° rdin9 '° «» imen,io " * "0' ° 
his type of applpcafion and can be used with older application programs that 

windows ' in te * mode ' - simp,y ~ - - <° ~ 

When the user wishes to connect to one of the applications 1 to 4 for 
25 example appl.ca.ion 1 as shown in Figure 2A. they move the cursor 9 onto the 
icon 7 using the mouse 6. 

In a first embodiment of the invention, the user chooses from a menu 
the password PWD1, PWD2. PWD3 or PWD4 which corresponds to Z 
™ a "e |ica «°". It must be understood that the passwords PWD1 

30 PWD2. PWD3, PWD4 are not shown in clear in the menu and tha, only Ze ' 

idemifiT °rf!' 9n !, IS P1, P2 ' P3 ' P4 aPPSar " * he menU t0 etrabte 'o be 
identified and to indicate to which application each of them provides access 

For example, briefly depressing the right-hand mouse button 6b when 

35 pT C pT p 3 :rrT iC °" 7 C3 " S UP 3 ' iSt « PaSSW ° rd iden "" »*• 
. . , I ' The requ ' red P as sword, for example PWD1, is selected by 

17 CUrS °' 9 °" ,he «~Pondhg code P1 in the lis, and dicking the 
nght-hand mouse button 6b, after which the icon 7 is displayed again The 
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password PWD1 is thereafter selected by default and used automatically 
during subsequent "Drag-and-Drop" authentication processes until the user 
selects a different password from the menu. 

When a password has been selected, with the cursor 9 over the icon 
7 the user depresses the left-hand mouse button 6a and, while holding that 
button down, moves the cursor 9 by means of the mouse 6 toward the 
destination window 8. During this movement and until the cursor 9 reaches 
the destination window the access control software LPA modifies the graphical 
representation of the cursor: as shown in Figure 2A, while it is moving to the 
window 8 the cursor 9 takes the form of a circle with a diametral bar. When 
the cursor 9 reaches the destination window 8, it reverts to its original arrow 
shape, which tells the user that they can release the left-hand button 6a of the 
mouse 6. 

As described hereinafter with reference to Figures 3 and 4, this 
1 5 modification of the graphical representation of the cursor 9 is managed by the 
access control program LPA which, while the cursor 9 is moving, continuously 
compares the class of the window under the cursor with the class of the 
destination window, whose characteristics are associated with the selected 
password PWD in the smart card 5. Releasing the left-hand button 6a of the 
mouse 6 when the cursor 9 reaches the window 8 commands insertion into 
the destination window 8 of the password PWD supplied by the smart card 5. 

The above is merely an example, of course, and from an ergonomic 
point of view there are many other ways of inserting a password selected by a 
user from a set of identification codes representing different passwords into a 
25 destination window using a pointing device. 

It must be understood that the applications 1, 2, 3 and 4 are not 
modified in any way and are standard applications. Consequently, the 
resident access control program LPA is substituted for entry of the password 
via the keyboard by the user. Various solutions for this are available to the 
30 skilled person. One solution is to simulate the pressing of the keyboard keys 
and to send to the destination window a message equivalent to that generated 
by the keyboard. With this solution, the password is transmitted character by 
character to the destination window. Another solution would be to use the 
cut/paste function offered by modern operating systems (OS): the password is 
35 copied onto the clipboard by the program LPA which then simulates pasting 
into the target application by sending it a message equivalent to the paste 
instruction. Finally, the program LPA erases the content of the clipboard to 
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avoid leaving the password exposed. 

.ransmJlH f ° f " OWS J r0m °" f ° reg ° ,n9 deSC "' P,i ° n ,hat the P™™* PWD 
ransrmtted from the smart card 5 by means of the access controi program 

LPA appears ,n the destination window 6 in the same form as if the useThad 

dtoTav ,h° n key ' 0ard ' ThiS meanS ,ha « if ' he is desfcn^o 

display the password ,n clear it wil, remain displayed in clear in the des«na«on 

dTo aTof ,n ' eVe " " ' hiS C3Se SeCUn1y iS because he 

display of the password PWD is transient and, in the case of a s<a«c 

^ password, me user does not need to memorize i, or take the risk of ^ 

However, in many cases, application programs are desioneri ,„ 
dispfcy dummy characters, for example asterisks, inlad of " oha Zt of 
me password typed by a user: in this case, the password win never appear h 
clear and may even be totally unknown to the user for examole if Z 
password PWD is loaded directly into their smart card by Z,^ £ 
under the control of a security administrator. Parsonaliang tool 

If the password used is a static password it can be strong i e lon„ 
and oompiex (for example a sertes of random characters), which i^ practice is 
no, possibie w* me conventiona, solution reguinng the userto menC T 

In order further to strengthen the security of the authentication 
process vis-a-vis an application to which access controlled b a p ass C 

svnchrr te rather ,ha " S,afe - Password cT e 

asynchronous or synchronous. This is known in the art 

pe re on a fl aSy rr° US PaSSW °' d presu PP° ses ,na ' ^ application and fine 

cha7,roirr*, ce are a secre » key - ^ •«*»««» 9°™*°* * 

enlr, a h I 3 "™ '° Pere ° nal SeCUri,y deVioe PSD - ™a device 
encrypts the challenge using the secret key stored in its memorv and an 

2 T ' and , ,he p ™ compu,ed in ,his -vTZLC: 

he cha f I aPP " Ca, ' 0n CarriSS ° U ' in Paralte ' a s ™ la ' -Icuiation on 
the ^challenge and compares the result obtained with the password received 
from the personal security device. Access to the app.ication is authorized if the 

-y rt:r ed in ,he appuca,ion and in * ps ° - 

the char° Vided <hat ^ aCC6SS COmr01 SOflWare LPA is in a P° siti °n to read 
*e challenge generated by the application, the system according to the 

mvenhon enables the use of an authentication mechanism using 

asynchronous passwords of the above kind by having the access control 
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software after reading the challenge, transmit it to the personal security 
device PSD and then, as previously described, the computed password 
inserted into the destination window. 

Synchronous passwords vary in time, preferably each time they are 
used for example in accordance with a timebase and/or an event counter. 
The passwords, or the keys and variables used to compute them, evolve 
S ynchronous.y in the personal security device PSD and in the Whc-bon. 
These mechanisms are well known to the skilled person and are not descnbed 
in more detail here. However, international patent application WO 99/18546. 
filed 1st October 1998, describes mechanisms for implementing 
authentication by a dynamic password based on time and using a smart card 
despite the absence of an electrical power supply and consequently of a clock 

in a card of this kind. 

in the embodiment shown in Figures 2A and 2B it is assumed that the 
user uses the cursor 9 to choose from a menu the code corresponding to the 
password PWD for the application they wish to access. 

The following description with reference to Figures 3 to 6 covers a 
second embodiment in which the user does not need to select the appropriate 
password, because it is selected automatically by the access control program 
LPA 

Figure 3 shows the overall way in which the mouse 6 controls the 
access control program LPA. The process starts with step 100 in which the 
left-hand mouse button 6a is pressed when the cursor 9 is on top of the icon 
7 Step 101 corresponds to capture of the status of the mouse and step 102 
to waiting for events that can be generated by the mouse, for example mov.ng 
the mouse or releasing the left-hand mouse button. 

If the event detected is movement of the mouse, the next step is step 
103 corresponding to the subroutine whose flowchart is shown in Figure 4. 

If the event detected by the access control software concerns the left- 
hand mouse button, the next step is step 104 corresponding to the subroutine 
whose flowchart is shown in Figure 5: Step 105 is the last step of the ma.n 

^^The Figure 4 subroutine starts in step 106 with detection of movement 
of the mouse. In step 107 the position of the mouse is acquired. In step 108 
the window under the cursor 9 is sought. Step 109 corresponds to the 
acquisition of characteristic data of the window under the cursor, in particular 
its class. 



CA 02395381 2002-06-14 



13 



Step 110 determines if the class of the window under the cursor 
corresponds to a window class stored in the smart card 5. If not, the graphical 
representation of the cursor 9 is modified in step 1 1 1 to advise the user that at 
this stage the function for entering the password PWD is inhibited i e that 
5 releasing the left-hand mouse button 6a will have no effect. The next step of 
the subroutine is then the end step 112. However, the Figure 4 subroutine is 
repeated for as long as the mouse 6 is moving, as is clear from the Figure 3 
flowchart. 

If the result of the test in step 110 is positive, i.e. if the window under 
) the cursor is of a class contained in the memory of the smart card 5 step 1 1 3 
modifies the graphical appearance of the cursor (which reverts to the arrow 
shape that it has when it reaches the window 8 in Figure 2), advising the user 
that insertion of the password PWD is then authorized. 

If the event detected in step 102 in Figure 3 is releasing the left-hand 
mouse button, the subroutine 104 shown by the Figure 5 flowchart is 
executed. 

Step 114 in Figure 5 corresponds to detecting release of the left-hand 
mouse button. The position of the mouse is acquired in step 115 and the 
window under the cursor is sought in step 116. Characteristic data of that 
window, in particular its class, is acquired in step 117. 

Step 118 applies a test to determine if the window under the cursor 9 
belongs to a class stored in the smart card 5. If not, the subroutine terminates 
in step 119. 

If it does, the application to which the window belongs is determined in 
step 120. Step 121 applies a test to determine if the identified application 
corresponds to an application whose identification data is contained in the 
smart card 5. If it does, the password in the smart card 5 associated with the 
identified application is inserted in the window in which the cursor is then 
located, after which the subroutine terminates in step 123. 

If the result of the test in step 121 is negative, the user is prompted in 
step 124 to enter the required password (static password) manually via the 
keyboard of their personal computer. In step 125 the password the 
application identification data and the characteristics of the detected window 
acqu,red in steps 117 and 120 are transmitted to the smart card 5 which 
stores them. The next step of the subroutine is then step 122 which inserts 
the password entered at the keyboard by the user and stored in the smart 
card 5 into the destination window. 
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Figure 6 is a diagrammatic representation of a home page of an 
application and is used to explain the information collected during execution of 
the Figure 4 and 5 subroutines. 

In a home page like the home page shown here, there is generally a 
data entry field in the destination window 8 into which the password PWD 
must be inserted. The window is characterized by its class and its specific 
attributes, for example an attribute characteristic of a password w.ndow. 

The destination window is in a dialogue box 10. The dialogue box is 
characterized in particular by the title of the window, shown in the title bar of 
the dialog box, for example in the form "Enter password". 

Finally the main window of the application, i.e. the window of the 
target application, is characterized in particular by the class of the window and 
by the title 11 of the window. The title is generally formed by concatenating 
the name of the application and the name of the document open .n the 
application, for example the file name of a text file or the address of a web 

Pa9G " In steps 109, 117 or 120 of the Figure 4 and 5 subroutines the above 
information is used as previously described to determine if the insertion of a 
password is authorized or not. 

If access to an application is conditional on the provision of several 
credentials, for example the user name (login name) and a password, the 
access control software LPA is adapted: 

- to determine if the destination window in which the user released the 
button of the mouse 6 is that which is to receive the login name or that which 
is to receive the password; and 

- looks for another adjoining window of the same dialog box that will 
receive the login name or the password, depending on the result of the 

preceding step. . 

The discrimination between login name and password windows ,s 
performed by examining if the window concerned has the "password" attribute, 
i e if the window is adapted to conceal what is entered by means of aster.sks. 

The second window is looked for by seeking the parent of the first 
window and then listing all the daughter windows of that parent until a window 
is found having the required characteristics. However, in some cases this 
solution may not work (dialog box with more than two entry windows, 
"password" attribute not used, etc.). 

Another solution consists of having the user perform an in.t.al.zation: 
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at the time of the first "drop- in an "unknown" dialog box of an application th„ 
program LPA guides the user as to what to do next i e it shows 

ess of ,h r r9et diai ° 9 box w,,h te en,ry ** ^ ™ 

(in the form of their cortex pi do «»~\ _i ■ yaosworas 
, card *nn th ine,r ^° des P1 ' P2 ' etc ) an <* '°9«n names already present in the 
> card, and the possibility of adding new ones. em in me 

The user makes the link between the passwords and th« 
by indicating which credential (iogin name or pas s"m ^ Zn«Z 
he w,ndow for exampie using the mouse. A„ this informal s l^Tn he 
smart card for subsequent re-use at th^ «m« ^ 
vis-a-vis the applicahon concerned " """^ ** au,he "«-«°" 

exampj: ^L^Z^T^ZZZ^ 7 ^ 
= n 9 technioa, events, without ^^^2 

case, the persona security device pqn , n nt..*~~ , 
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CLAIMS 



functions -tZ to a 9 pro aram , execution o, a program and access to a 



service. 



-first means for storing data and programs. 

-user interface means induding at .east one d,sp.ay screen and 
^^'r^onT^nCevice for control the movement o, a cursor 
OVSr " in^ch system impiementing said function requires the application 

including means (M) for deiivering said cedents and means (LPA) 

»'™™Z rriC'SlSrSU on said screen said 
reguest'oO) and a. ieas, one sign ,7, representing the persona, secunty 

deViCe(5 ac q uisi«on means (100) for commanding the acquisition of said 
credential said suppfy means <M> by posting said cursor (9, on sa,d 

credential said function in a required position of sa,d cursor, by means of 
said pointing « ^ ^ ^ safcJ ls of the 

inClUd6: . f,rst means (109, 117) for identifying characteristic data of the 

ft, 0 rnr«sor with charactenstic data ot saia 

d d :iir.;r 8) u " ^ „ — » - 

credential, and ^ applica ,ion o, said credenfiais in 

response to a ma J between said identified characteristic data and saK, 
characteristic data stored in said supply means (M). 
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idenafied program and said identification date are identical 
program Ration 1, etc,, and said access 

:eir d ~ a,ed '~ on data — *° -TSi-nr- 

means M24 ^rT 9 '° C ' a ' m "' Characteri ^ - •* i, includes 
means (124, 125) for authorizing entry of credentials for said detected 
pmgram by said user via said interface means and storing of ScZZZ 
entered w„h ,den,if,ca,ion data of said detected program in said suppTy means 

program. ^ ^ ^ - « 

6. A system according to any of claims 1 to 5, characterized in that it 

£££ pmM compu,er m ,o which saw p ~ — « zzsz 
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7 A system according to claim 6, characterized in that said program 
(Application 1, etc) is an application program divided between the personal 
computer and a . server and said system includes means for connecting said 
personal computer to said server. 

8. A system according to any of claims 1 to 7, characterized in that 
said personal security device is a smart card (5). 

9 A system according to any of claims 1 to 8, characterized in that 
said personal security device (5) includes means for comparing a stored 
secret code (PIN) with a secret code entered by the user via said interface 
means and said access control means are rendered operational in response 
to a match between said secret codes. 

10 A system according to any of claims 1 to 9, characterized in that 
said access control means include means for preventing display of said 
credentials on said display screen in response to their application to said 

program. • ■ 

11. A system according to any of claims 1 to 10 wherein sa.d 
credentials are static, characterized in that said supply means (M) are memory 
means. 

12 A system according to any of claims 1 to 11 wherein sa.d 
credentials are dynamic, characterized in that said supply means (M) include 
means for executing an algorithm for computing said credentials. 
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